From: Aram Sargsyan <aram@isc.org>
Date: Fri, 10 Dec 2021 10:12:20 +0000 (+0000)
Subject: Add system test for checking TLS interfaces after a reconfiguration
X-Git-Tag: v9.17.22~45^2
X-Git-Url: http://git.ipfire.org/gitweb/index.cgi?a=commitdiff_plain;h=1bc60caaa061c98708cb86fc7d5780ccc8bc7f28;p=thirdparty%2Fbind9.git

Add system test for checking TLS interfaces after a reconfiguration
---

diff --git a/bin/tests/system/doth/tests.sh b/bin/tests/system/doth/tests.sh
index d3680209f86..8514b0d4b5f 100644
--- a/bin/tests/system/doth/tests.sh
+++ b/bin/tests/system/doth/tests.sh
@@ -35,6 +35,10 @@ dig_with_opts() {
 	"$DIG" $common_dig_options -p "${PORT}" "$@"
 }
 
+rndccmd() (
+	"$RNDC" -c ../common/rndc.conf -p "${CONTROLPORT}" -s "$@"
+)
+
 wait_for_tls_xfer() (
 	srv_number="$1"
 	shift
@@ -435,6 +439,29 @@ grep "ANSWER: 2500" dig.out.test$n > /dev/null || ret=1
 if [ $ret != 0 ]; then echo_i "failed"; fi
 status=$((status + ret))
 
+n=$((n + 1))
+echo_i "doing rndc reconfig to see that queries keep being served after that ($n)"
+ret=0
+rndccmd 10.53.0.1 reconfig
+if [ $ret != 0 ]; then echo_i "failed"; fi
+status=$((status + ret))
+
+n=$((n + 1))
+echo_i "checking DoT query (ephemeral key) after a reconfiguration ($n)"
+ret=0
+dig_with_tls_opts @10.53.0.1 . SOA > dig.out.test$n
+grep "status: NOERROR" dig.out.test$n > /dev/null || ret=1
+if [ $ret != 0 ]; then echo_i "failed"; fi
+status=$((status + ret))
+
+n=$((n + 1))
+echo_i "checking DoH query (POST) after a reconfiguration ($n)"
+ret=0
+dig_with_https_opts @10.53.0.1 . SOA > dig.out.test$n
+grep "status: NOERROR" dig.out.test$n > /dev/null || ret=1
+if [ $ret != 0 ]; then echo_i "failed"; fi
+status=$((status + ret))
+
 test_opcodes() {
 	EXPECT_STATUS="$1"
 	shift